Missing Custom JKS and InsecureTrustManagerFactory support for ProxyEndpoint #608
Comments
Hi @shahpankil, in my opinion your observations are valid. For the same reason (among others) I have opened #642 today. We are trying to realize better configurable origin HTTPS connections by extending some Zuul2 default implementations using inheritance:
All in all this allows for a clean customization, but requires to copy most of Extending/customizing the code directly gives us a lot more control. Especially as Ribbon is not really used under the hood. Instead just parts of the
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days.
Greetings,
We are evaluating zuul2 as our API gateway. For one of our use cases we observed the following, and it seems this is either a defect or a pending implementation.
Use-case:
We have two backend services. One runs on HTTP and the other on HTTPS (self-signed certificates).
We use consul for service discovery and health. We do not use Eureka.
When we have below configuration in our application.properties for zuul server.
We observe that the DefaultOriginChannelInitializer is used to make the appropriate API call to the Origin service.
Here we also observe that 'webserver.ribbon.IsSecure=true' is appropriately getting used for adding the SSL handler [file:DefaultOriginChannelInitializer.initChannel()], but the other properties to use our custom truststore, 'webserver.ribbon.TrustStore=gateway.jks' and 'webserver.ribbon.IsHostnameValidationRequired=false', are not getting used to create the appropriate SslContext [file:DefaultOriginChannelInitializer.getClientSslContext()].
Issues:
So an enhancement is required in the method DefaultOriginChannelInitializer.initChannel(), so that if 'webserver.ribbon.IsSecure=true' is set then we read the other configs and create the SslContext.
The other alternative is that, when creating 'DefaultOriginChannelInitializer', a third argument of type 'IClientConfig' is added so that the SslContext is created correctly when instantiating the object.
Questions:
Thanks.
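For reference, an added example (not part of the issue and not Zuul's own code) of building a Netty client SslContext that trusts only the certificates in a custom JKS truststore, which lets a gateway accept a self-signed origin certificate without falling back to InsecureTrustManagerFactory. The class and method names are hypothetical, Netty 4.1 on the classpath is assumed, and the `verifyHostname` flag is assumed to correspond to the 'IsHostnameValidationRequired' property mentioned above.

```java
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

// Hypothetical helper, not part of Zuul: origin-side TLS setup from a JKS truststore.
public final class OriginTrustStoreSsl {

    private OriginTrustStoreSsl() {}

    /** Client SslContext that trusts only the certificates stored in the given JKS file. */
    public static SslContext clientContext(String jksPath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(jksPath))) {
            trustStore.load(in, password);
        }
        // Fail early on an empty store instead of failing every handshake later.
        if (trustStore.size() == 0) {
            throw new IllegalStateException("truststore is empty: " + jksPath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return SslContextBuilder.forClient().trustManager(tmf).build();
    }

    /** SslHandler for one origin connection; hostname checking is set explicitly either way. */
    public static SslHandler handlerFor(SslContext ctx, ByteBufAllocator alloc,
                                        String originHost, int originPort,
                                        boolean verifyHostname) {
        // Passing host and port gives the engine the peer name used for SNI and verification.
        SslHandler handler = ctx.newHandler(alloc, originHost, originPort);
        SSLEngine engine = handler.engine();
        SSLParameters params = engine.getSSLParameters();
        // "HTTPS" makes the JDK match the certificate against originHost; null turns that off.
        params.setEndpointIdentificationAlgorithm(verifyHostname ? "HTTPS" : null);
        engine.setSSLParameters(params);
        return handler;
    }
}
```

With the origin's self-signed certificate imported into the truststore, chain validation still runs against that store, so only turning off `verifyHostname` weakens the check, and only for certificates the store already trusts.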